1
Internal Control Concepts Knowledge
2
Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance
3
Internal Control Objectives
- Safeguarding of information technology assets
- Compliance with corporate policies or legal requirements
- Authorization/input
- Accuracy and completeness of processing of transactions
- Output
- Reliability of process
- Backup/recovery
- Efficiency and economy of operations
4
Information Systems Control Objectives
- Safeguarding assets
- Assuring the integrity of general operational system environments
- Assuring the integrity of sensitive and critical application system environments
  – Authorization of the input
  – Accuracy and completeness of processing of transactions
  – Reliability of overall information processing activities
  – Accuracy, completeness and security of the output
  – Database integrity
- Ensuring the efficiency and effectiveness of operations (operational objectives)
- Complying with the users' requirements, organizational policies and procedures, and applicable laws and regulations (compliance objectives)
- Developing business continuity and disaster recovery plans
- Developing an incident response and handling plan
5
COBIT
- 34 high-level control objectives
- 4 domains
  – Plan and organize
  – Acquire and implement
  – Deliver and support
  – Monitor and evaluate
6
Other Internal Control Standards
- ITIL
- ISO IEC 1799
- Sarbanes-Oxley
- COSO
7
Procedures
- Strategy and direction
- General organizational and management
- Access to data and programs
- Systems development methodologies and change control
- Data processing operations
- Systems programming and technical support functions
- Data processing quality assurance procedures
- Physical access controls
- Business Continuity/Disaster Recovery Planning
- Network and Communications
- Database administration
8
Application Controls
- Function
- To ensure
- Auditor task
9
Function
- Input
- Processing
- Output
10
Input
- Input Authorization
- Batch Control and Balancing
- Error reporting and handling
- Techniques
11
Input Authorization
- Signatures on batch forms or source documents
- Online access controls
- Unique password
- Terminal or client workstation identification
- Source documents
  – Standard headings
  – Title and instructions
  – Layouts
- Emphasize ease of use and readability
- Group similar fields together to facilitate input
- Provide predetermined input codes to reduce errors
- Contain appropriate cross-reference numbers or a comparable identifier to facilitate research and tracing
- Use boxes to identify field size errors
- Include an appropriate area for management to document authorization
12
Batch Control and Balancing
- Types of batch control
- Types of batch balancing
13
Types of batch control
- Total monetary amount
- Total items
- Total documents
- Hash totals
14
Types of batch balancing
- Batch registers
- Control accounts
- Computer agreement
15
Error reporting and handling
- Rejecting only transactions with errors
- Rejecting the whole batch of transactions
- Holding the batch in suspense
- Accepting the batch and flagging error transactions
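Added example (not part of the original slides): the batch control totals, batch balancing by computer agreement, and the four error-handling options listed above, in Python. The record layout, the policy names, the `is_valid` callback and all sample values are assumptions constructed for illustration.

```python
from decimal import Decimal

POLICIES = ("reject_errors", "reject_batch", "hold_in_suspense", "accept_and_flag")

def control_totals(batch):
    """Recompute the batch control totals from the records actually received."""
    return {
        "documents": len(batch),
        "items": sum(r["items"] for r in batch),
        "amount": sum((r["amount"] for r in batch), Decimal("0")),
        # Hash total: sum of a field with no arithmetic meaning (account numbers).
        "hash": sum(r["account"] for r in batch),
    }

def computer_agreement(header, batch):
    """Compare header totals with recomputed ones; return the names that differ."""
    calc = control_totals(batch)
    return sorted(name for name, value in header.items() if calc[name] != value)

def handle_errors(batch, policy, is_valid):
    """Route a batch according to one of the four error-handling options."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    docs = [r["doc"] for r in batch]
    bad = [r["doc"] for r in batch if not is_valid(r)]
    good = [d for d in docs if d not in bad]
    result = {"posted": [], "rejected": [], "suspense": [], "flagged": []}
    if not bad:
        result["posted"] = docs
    elif policy == "reject_errors":
        result["posted"], result["rejected"] = good, bad
    elif policy == "reject_batch":
        result["rejected"] = docs
    elif policy == "hold_in_suspense":
        result["suspense"] = docs
    else:  # accept_and_flag: post everything, mark the failures for follow-up
        result["posted"], result["flagged"] = docs, bad
    return result

# Constructed sample data: header totals as keyed by the originating department.
HEADER = {"documents": 3, "items": 7, "amount": Decimal("1250.50"), "hash": 300617}
BATCH = [
    {"doc": "D-001", "account": 100201, "items": 2, "amount": Decimal("500.00")},
    {"doc": "D-002", "account": 100202, "items": 4, "amount": Decimal("250.50")},
    {"doc": "D-003", "account": 100214, "items": 1, "amount": Decimal("500.00")},
]

if __name__ == "__main__":
    print(computer_agreement(HEADER, BATCH), computer_agreement(HEADER, BATCH[:2]))
```

A record whose account number is altered leaves the monetary, item and document totals balanced; only the hash total disagrees.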
16
Techniques
- Transaction log
- Reconciliation of data
- Documentation
- Error correction procedures
- Anticipation
- Transmittal log
- Cancellation of source documents
17
Error correction procedures
- Logging of errors
- Timely corrections
- Upstream resubmission
- Approval of corrections
- Suspense file
- Error file
- Validity of corrections
18
Processing
- Data Validation and Editing Procedures
- Techniques
- Data file control procedures
19
Techniques
- Manual recalculations
- Editing
- Run-to-run totals
- Programmed controls
- Reasonableness verification of calculated amounts
- Limit checks on calculated amounts
- Reconciliation of file totals
- Exception reports
20
Data file control procedures
- System control parameters
- Standing data
- Master data/balance data
- Transaction files
21
Output
- Logging and storage of negotiable, sensitive and critical forms in a secure place
- Computer generation of negotiable instruments, forms, and signatures
- Report distribution
- Balancing and reconciling
- Output error handling
- Output report retention
- Verification of receipt of reports
22
To ensure
- Only complete, accurate, and valid data are entered and updated in a computer system
- Processing accomplishes the correct task
- Processing results meet expectations
- Data are maintained
23
Auditor task
- Identifying the significant application components and the flow of transactions through the system, and gaining a detailed understanding of the application by reviewing the available documentation and interviewing appropriate personnel
- Identifying the application control strengths, and evaluating the impact of the control weaknesses on the development of a testing strategy by analyzing the accumulated information
- Testing the controls to ensure their functionality and effectiveness by applying appropriate audit procedures
- Evaluating the control environment to determine that control objectives were achieved through analyzing the test results and other audit evidence
- Considering the operational aspects of the application to ensure its efficiency and effectiveness by comparing the system with efficient programming standards, analyzing procedures used and comparing them to management's objectives for the systems